Re: [hiprg] draft-zhang-hip-hierarchical-parameter-00: Including hierarchy in HIT generation

"Henderson, Thomas R" <thomas.r.henderson@boeing.com> Mon, 10 August 2009 16:13 UTC

Date: Mon, 10 Aug 2009 09:12:38 -0700
Message-ID: <77F357662F8BFA4CA7074B0410171B6D0A8B7219@XCH-NW-5V1.nw.nos.boeing.com>
In-Reply-To: <C1CCBFC6-D133-4CCE-8ABF-3B7A88EC9B0B@cs.rwth-aachen.de>
References: <C1CCBFC6-D133-4CCE-8ABF-3B7A88EC9B0B@cs.rwth-aachen.de>
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: Tobias Heer <heer@cs.rwth-aachen.de>, zhangdacheng@huawei.com, Xu Xiaohu <xuxh@huawei.com>
Cc: hiprg@irtf.org
Subject: Re: [hiprg] draft-zhang-hip-hierarchical-parameter-00: Including hierarchy in HIT generation

> -----Original Message-----
> From: Tobias Heer [mailto:heer@cs.rwth-aachen.de] 
> Sent: Tuesday, July 28, 2009 6:02 AM
> To: zhangdacheng@huawei.com; Xu Xiaohu
> Cc: hiprg@irtf.org
> Subject: [hiprg] draft-zhang-hip-hierarchical-parameter-00: Including hierarchy in HIT generation
> 
> Hi!
> 
> I just wanted to clarify my comment in the HIPRG meeting on including
> the hierarchy in the HIT creation process. I think it would be good to
> have the hierarchy information in the HIT creation process because the
> hierarchy will be bound to the HIT itself.
> 
> Below I briefly sketched a possible way of including it without
> revealing the hierarchy to all hosts.
> 
> HIT generation could work like this:
> 
> 1. Pick random secret X
> 
> 2. H(Hierarchy, X) => HTag
> 
> 3. H(PubKey, ..., HTag) => HIT (Orchid)
> 
> --> Only use LTag if you do not want to reveal hierarchy.
> --> Use hierarchy and X if you want to reveal the hierarchy.

Hi Tobias,

I recently had a chance to listen to the audio archive of the meeting
and I'm reviewing the mail now.  Can you explain in more detail what is
the use case for what you are proposing?  I thought that the draft was
mainly concerned with having publicly revealed hierarchies so that
reverse lookups could exploit hierarchy.  In your proposal above, for
the observer who knows X, how does such observer retrieve hierarchy
bits, given the HIT, HTag, and X?

Also, I am not sure you can claim that the result from your above is a
HIT, because according to RFC4843 and 5201, a HIT is formed without
these HTags.  In particular, the HIT would no longer be able to be
associated to the key, for an observer who does not know the magic HTag
to apply. 

Tom
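
The three-step sketch quoted above, worked through as an added example; this is not code from the thread, the draft or any HIP implementation. It assumes SHA-256 with length-prefixed fields for H(), the RFC 4843 ORCHID prefix 2001:10::/28, the HIP context ID from RFC 5201, and a simplified Encode_100 that keeps the low-order 100 bits of the digest (the RFC's exact bit selection is not reproduced). The hierarchy labels, public key and secret X are constructed test inputs. It shows both disclosure options (hand out only HTag, or hand out Hierarchy and X) and the two points raised in the reply: a party that knows X can only confirm a hierarchy it already guesses, since HTag is a commitment rather than an encoding, and a party that lacks HTag cannot tie the HIT to the public key at all.

```python
import hashlib
import hmac
import ipaddress
from typing import Iterable, Optional

# RFC 4843 ORCHID prefix 2001:10::/28 as a 28-bit integer, and the HIP
# context ID defined in RFC 5201 section 3.2.
ORCHID_PREFIX = 0x2001001
HIP_CONTEXT_ID = bytes.fromhex("F0EFF02FBFF43D0FE7930C3C6E6174EA")


def h(*parts: bytes) -> bytes:
    """H() from the sketch. Assumption: SHA-256 over length-prefixed fields so
    that (Hierarchy, X) and (PubKey, ..., HTag) cannot be confused by
    re-splitting the concatenation."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(2, "big"))
        m.update(p)
    return m.digest()


def make_htag(hierarchy: bytes, secret_x: bytes) -> bytes:
    """Step 2: HTag = H(Hierarchy, X). With X random and secret, HTag reveals
    nothing about Hierarchy to a host that only sees HTag."""
    return h(hierarchy, secret_x)


def encode_orchid(digest: bytes) -> str:
    """Simplified Encode_100 (assumption: low-order 100 bits of the digest)
    placed behind the 28-bit ORCHID prefix, rendered as an IPv6 address."""
    low100 = int.from_bytes(digest, "big") & ((1 << 100) - 1)
    return str(ipaddress.IPv6Address((ORCHID_PREFIX << 100) | low100))


def make_hit(pubkey: bytes, htag: Optional[bytes]) -> str:
    """Step 3: HIT = ORCHID(H(ContextID, PubKey, HTag)). With htag=None this
    is the plain RFC 4843/5201 style input (context ID and host identity only),
    which is what Tom's reply contrasts the sketch against."""
    parts = [HIP_CONTEXT_ID, pubkey] + ([htag] if htag is not None else [])
    return encode_orchid(h(*parts))


def verify_with_htag(hit: str, pubkey: bytes, htag: bytes) -> bool:
    """Option 1: the host disclosed only HTag. The verifier can bind HIT to the
    key, but learns nothing about the hierarchy."""
    return hmac.compare_digest(make_hit(pubkey, htag), hit)


def verify_with_hierarchy(hit: str, pubkey: bytes, hierarchy: bytes,
                          secret_x: bytes) -> bool:
    """Option 2: the host disclosed Hierarchy and X. The verifier recomputes
    HTag and the HIT and checks both the key binding and the hierarchy claim."""
    return hmac.compare_digest(make_hit(pubkey, make_htag(hierarchy, secret_x)), hit)


def recover_hierarchy(hit: str, pubkey: bytes, secret_x: bytes,
                      candidates: Iterable[bytes]) -> Optional[bytes]:
    """What an observer who knows X (but not Hierarchy) can actually do: there
    are no 'hierarchy bits' to read out of the HIT or HTag, only candidate
    hierarchies to test one by one."""
    for cand in candidates:
        if verify_with_hierarchy(hit, pubkey, cand, secret_x):
            return cand
    return None


def demo() -> dict:
    # Constructed inputs: a stand-in for an encoded host identity (public key),
    # a hierarchy label, and a fixed 16-byte X so the result is reproducible.
    pubkey = b"RSA-HI-placeholder-public-key-bytes"
    hierarchy = b"example.org/site-2/dept-a"
    secret_x = bytes(range(16))

    htag = make_htag(hierarchy, secret_x)
    hit = make_hit(pubkey, htag)
    plain_hit = make_hit(pubkey, None)
    return {
        "hit": hit,
        "htag_hex": htag.hex(),
        "orchid_prefix_ok": int(ipaddress.IPv6Address(hit)) >> 100 == ORCHID_PREFIX,
        # Verifier holding only HTag: key binding works, hierarchy stays hidden.
        "verify_htag_only": verify_with_htag(hit, pubkey, htag),
        # Verifier holding Hierarchy and X: full check.
        "verify_full": verify_with_hierarchy(hit, pubkey, hierarchy, secret_x),
        "wrong_hierarchy_rejected": not verify_with_hierarchy(
            hit, pubkey, b"example.org/site-9/dept-z", secret_x),
        # Verifier without HTag (Tom's point): the RFC-style recomputation from
        # the key alone no longer matches, so the HIT cannot be tied to the key.
        "rfc_style_hit_matches": plain_hit == hit,
        # Observer with X can only confirm a guess, not read the hierarchy.
        "recovered": recover_hierarchy(hit, pubkey, secret_x, [
            b"example.org/site-1/dept-a", b"example.org/site-2/dept-a",
            b"example.org/site-2/dept-b"]),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

`recover_hierarchy` is the honest answer to "how does such an observer retrieve hierarchy bits": it cannot, except by enumerating a candidate list, which is cheap when hierarchies are few and public but impossible when they are not. The `rfc_style_hit_matches` field being false is the interoperability cost Tom describes: nothing that computes HITs per RFC 4843/5201 will recognise this value as belonging to the key.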